Thimpress

Learnpress

59 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-39642

  • EPSS 0.12%
  • Veröffentlicht 13.08.2024 11:15:17
  • Zuletzt bearbeitet 13.08.2024 12:58:25

Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2.

6.5

CVE-2024-7548

  • EPSS 0.61%
  • Veröffentlicht 08.08.2024 06:15:42
  • Zuletzt bearbeitet 08.01.2025 21:07:57

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'order' parameter in all versions up to, and including, 4.2.6.9.3 due to insufficient escaping on the user supplied parameter and lack of suf...

8.8

CVE-2024-6589

  • EPSS 2.41%
  • Veröffentlicht 25.07.2024 11:15:10
  • Zuletzt bearbeitet 21.11.2024 09:49:56

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. This makes it possible for authenticated attackers, wit...

5.3

CVE-2024-6099

  • EPSS 0.09%
  • Veröffentlicht 02.07.2024 11:15:10
  • Zuletzt bearbeitet 21.11.2024 09:48:57

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout...

5.3

CVE-2024-6088

  • EPSS 1.06%
  • Veröffentlicht 02.07.2024 11:15:10
  • Zuletzt bearbeitet 21.11.2024 09:48:56

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauth...

8.8

CVE-2023-36516

  • EPSS 0.45%
  • Veröffentlicht 19.06.2024 15:15:57
  • Zuletzt bearbeitet 21.11.2024 08:09:51

Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.

9.8

CVE-2023-36515

  • EPSS 0.5%
  • Veröffentlicht 19.06.2024 15:15:56
  • Zuletzt bearbeitet 21.11.2024 08:09:51

Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3.

5.3

CVE-2024-5483

  • EPSS 6.04%
  • Veröffentlicht 05.06.2024 03:15:08
  • Zuletzt bearbeitet 21.11.2024 09:47:46

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of get_items_permissions_check function. This makes it possible f...

5.4

CVE-2024-4971

  • EPSS 0.63%
  • Veröffentlicht 22.05.2024 06:15:14
  • Zuletzt bearbeitet 08.01.2025 19:28:26

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.2.6.6 due to insufficient input sanitization and output escaping. This makes it ...

6.5

CVE-2024-4444

Exploit
  • EPSS 0.93%
  • Veröffentlicht 14.05.2024 15:43:46
  • Zuletzt bearbeitet 14.01.2025 21:40:27

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible ...